In this article, we will do a MalCare Review to see how this plugin can protect your WordPress website. WordPress websites are prone to hacking especially if a lot of plugins are used to do various things and extend WordPress functionalities. With time the number of WordPress hacks increased and you need a WordPress Security plugin to keep you safe from hackers.
Most of the WordPress hacks are happening thru vulnerabilities in plugins you have installed, so you need to have the plugins constantly updated and files scanned for malware to be sure you are protected.
Prevention is the way you should go but you need also a service that is reacting when your WordPress is hacked. In case the inevitable happens you have a way to clean your website fast from hacked files.
A hacked website can be downgraded by Google so you risk losing the SEO traffic, plus your brand image will have to suffer if your website will be hacked. That’s why is very important to keep your website protected especially if you are a big brand or you have a lot of visitors.
MalCare is a WordPress security plugin that offers several features to protect your website from attacks. It scans your website for common vulnerabilities and provides mitigation recommendations, such as updating outdated plugins and installing the latest security updates.
MalCare also monitors your site for changes, alerts you if there are any suspicious activities, and keeps logs of all activities so you can track down issues.
Overall, MalCare is a great plugin that helps keep your WordPress site secure, besides the security checks and security cleanups MalCare is also offering WAF protection, login protection, and backups. It offers a variety of solutions to keep your website safe.
In this article, we will make a detailed review of MalCare to see how exactly can help you protect your website. I have used this plugin on some of the websites and I have a good experience with it. We will see the pros and cons and what the free version of MalCare has to offer in terms of site protection.
Let’s see exactly what MalCare has to offer and how it can protect your website from hacks, we will see the free features and premium ones so you can see which version is for you.
There is a free version of MalCare that can be used to protect your website, the free MalCare security solution will only help you detect when a website is hacked and will not offer any cleanup solution, this is one of the major differences.
Daily Malware Scans – Free
The malware scan will not happen on your website but the plugin will use its own servers to scan for infected files. This will help your site performance as will not slow down your website. Besides scanning every file they will also scan your database for malware. They are having 100+ Intelligent Signals that are used to track malware.
MalCare daily scans will monitor file changes and will check for vulnerabilities in your plugins and themes, all of these are for free. You can extend the daily scan with the pro features that will make 6 hours scans or on-demand scans.
MalCare will notify you only when there is an actual problem, you will not be flooded or scared with file change emails if there isn’t any threat.
The biggest site that is scanned has 330GB so they are capable of scanning large sites also, you don’t need to worry.
This is how their interface is looking, you can go deeper and see exactly the files if you click on the 4013 files or the 3 databases. In case your site is infected this is the place where you will see what file is infected.
WordPress Firewall & Boot Protection – Free
These 2 features are included in the free version so you will not need to pay any money for them. They have a custom WAF, especially for WordPress that will help in keeping your WordPress website safe. MalCare WAF will not slow down your website and is constantly updated with new rules to be better protected. The rules are automatically added by the MalCare team so you don’t need to do anything.
MalCare bot protection will block bad bots from brute force attacks and will prevent your website from being down. MalCare is also monitoring the login attempts and will block malicious requests or add a Captcha after multiple failed requests.
All of these are done from the plugin and you don’t need to change any DNS records or nameserver.
In the above pictures, you have the details about the monitored request for more details you need to go and show more. If you want to have a specific IP or request blocked you need to create a support ticket for them and they will do that for you.
Extra Hardening Security – Free
In case you want to apply some extra hardening to your WordPress installation you have also this option, you can protect your WordPress installation with some of the below options:
- Block PHP Execution in Untrusted Folders – as the name is sugesting this addition will prevent execution of PHP files, you need to be carefull with this setting as it may cause issues with some plugins that needs uploads PHP execusions.
- Disable Files Editor – this will disable the file editor in wp-admin
- Block Plugin/Theme Installation – will block installing new themes and plugins.
- Change Security Keys – Change the security keys in wp-config.php. This will invalidate all the cookies etc.
- Reset All Passwords – will reset all passwords
Administrate Themes/Plugins and Users – Free
Another free future that can be done directly from the MalCare interface is the administration of plugins, themes, and users. You can update them, add new plugins or disable or add new users. This is useful as you don’t need to go into the admin area for these things, especially if you are using MalCare for multiple websites and you want one central location for all this.
Here stop the features that are included in MalCare free, the free option is ideal for the ones that want to have active monitoring of their WordPress website.
Instant Malware Removal – Basic Plan
The biggest difference made by the Basic plan which cost 99$ a year is the instant malware removal. This extra service will help you clean your infected website with just a click. With this service, you will react fast to the infraction and your users will not be affected by any infection also you will not be penalized by Google as MalCare will disinfect your site.
If you take into consideration that other services that will handle malware removal costs more the 100$ and reacts on request this service is worth every penny.
Uptime and Performance – Basic Plan
In beta testing with the basic plan, you will have also uptime monitoring and performance tests. You will be notified when the website is down and you will see how fast the website is loading, bellow is a picture with this enabled:
All of these details will also be displayed in the weekly report that you can generate.
Backups – Plus Plan
MalCare with the upper plans that start from 149$ is also adding the backup features, with this plan you have daily backups, and with the Pro plan, you have 4 backups a day. In case you have a big website with a lot of activity MalCare also has an addon that costs 100$ per website/year that does real-time backups.
Backups are encrypted and stored in offsite locations, you can restore your WordPress website easily even if you have 100GB +. Backups are retained for 365 days. Besides taking care of your website MalCare is a great solution for backups.
Backups are done thru blogvault so with just an extra 50$ a year you have the best of both worlds backups and security.
Activity Logs – Plus Plan
This will track all the changes that are done to your WordPress website, from new user addition, comments new posts, or pages to WooCommerce orders. This is a great feature if you want to keep track of what is happening on your WordPress website
Integrated Staging Site – Plus Plan
With the Plus plan, you can also create staging websites, this is important especially if you want to test something. It’s nice that you have this option in the Plus plan. Staging sites can be created with just a click from your backup.
All the options and reports are stored in the MalCare portal, the plugin is only a gate that is allowing MalCare to communicate with the website. MalCare interface is easy to use and has a nice design all the features that you need are at a click distance.
You have a central location where you can see all the sites you have and you can go deeper and access reports for every site you own. Bellow is the website interface to have an idea:
During my stay with MalCare, I have a few support tickets created for them, some were for the MalCare Free plan and others for the Basic plan. One time I need an IP to be blocked and they did that in 1 hour. Overall I can say that MalCare support is pretty good and they are responding very fast. For any issues, you can rely on their support.
From the pricing perspective, MalCare is quite affordable, you can start with the free plan and upgrade after you are convinced but don’t wait for your website to have issues. The 99$ annual fee for the basic plan it’s a seal if you take into consideration that you will pay more for other services just to clean up your site. Below is a picture of their current pricing options:
If you are choosing multiple websites you have a better price as a bulk. All the plans come with 30 days’ money back. In case you are not OK with what MalCare has to offer you can request your money back.
MalCare Performance Impact
Any WordPress security plugin usually adds some slowness to your website, this is happening mostly when all the things like file scanning, reports are stored on your website. MalCare is not doing any of that so the performance impact is minimal. I have done a test with the plugin enabled and disabled to see exactly what extra requests are added to a live site. There is no request added to the website which is normal as the plugin is working with the background. There are the same number of requests and load time with the plugin installed and enabled and installed:
The only load you will notice is when the backup will run to take the snapshot of your files to check them for malware. Other than that WAF is not adding any extra load.
This is one of the best plugins that you can use to secure your WordPress website, the features and the fact that is not loading your site make Malcare a top choice when it comes to the best WordPress security plugin. Below are the pros and cons of the MalCare plugin:
- Simple Setup
- Good Price
- Greate Free Features
- Easy Malware Cleaning
- Doesn’t Load Your Site
- Grate Malware Scanner
- No Unlimited Plan
- No Possibility to Manual Block IPs
- No Manual Bot Block Option
Because WordPress is the most used CMS online there are a lot of attacks and WordPress security is a big marketplace. There are some good alternatives to MalCare if this MalCare review didn’t convince you, some of them are Sucuri, iThemes Security or WordFence
MalCare vs Sucuri
Sucuri as MalCare is offering all the features that MalCare has, the only difference is that you have more in-depth WAF settings and you have SSL and CDN with their premium service. All of those come with a cost their plan starts from 199$. As MalCare Sucuri has periodic scans (12hours), automatic removal of malware, file change detection, and various other things. You can check the details on their website to see the complete list.
MalCare vs iThemes Security
iThemes Security there is another security plugin that can help you secure your WordPress site. It is different from MalCare as it doesn’t clean your infected file, it just notifies you. iThemes Security has other extra features like 2FA activation or increased security for passwords. iThemes has the dashboard directly into your WordPress website so it can make slower MalCare. I would recommend MalCare over iThemes Security if you would ask me. The plus on iThemes Security is that it comes at a lower price starting from 52$.
MalCare vs WordFence
WordFence is another WordPress security plugin that scans your website and has a build-in WAF. It is offering a free version that for most can be enough for a basic check. It will help you protect your website and tries to clean up your website but it doesn’t really do a good job. WordFence it’s using your server for all the scans and can slow down your website a lot. Still, MalCare is the best option in comparison with WordFence.
For a complete list of alternatives, you can check my article Best WordPress Security & Malware Plugins.
MalCare is a great resource that can protect your website against hacks and help you be notified in time if you choose the free option or help you clean your infected site. I had a good experience with MalCare and I recommend it as some of the best WordPress security plugins. You can drop a comment with your opinion if you like.